Facebook Offensive Security Engineer in Menlo Park, California

Intro:
Facebook's mission is to give people the power to share, and make the world more open and connected. Through our growing family of apps and services, we're building a different kind of company that helps billions of people around the world connect and share what matters most to them. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to make the world more open and accessible. Connecting the world takes every one of us—and we're just getting started.

Summary:
Facebook's Security team is looking for an offensive security engineer that can deliver technical leadership for our offensive security team and execute tactical, offensive assessments across our environments. This individual should have extensive experience across the attack lifecycle and a demonstrated capacity to lead an offensive security team. Candidates are expected to scope, prep and deliver goal-oriented assessments that positively benefit our prevention, detection and response capabilities. This role requires a desire to help drive fixes after testing cycles.

Required Skills:

  1. Lead offensive capabilities for Facebook, including building out a long term strategy and approach

  2. Develop the program and methodology that shapes how we approach this space

  3. Document and model our infrastructure from an attacker's perspective

  4. Build tooling to automate this and use this model to inform and drive our assessments

  5. Perform scoped and open-ended assessments on internal and external facing systems

  6. Perform research to identify new ways of achieving your mission, with an emphasis of open-sourcing wherever possible

Experience:

  1. Extensive experience performing internal and external assessments

  2. Extensive experience in tailored reconnaissance, weaponization, exploitation and lateral movement

  3. Experience in scripting and coding. Publicly released tools or modules are a plus

    1. Strong networking knowledge, including network virtualization technologies

    2. Strong knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems

    3. Strong knowledge of attack surfaces for common enterprise systems and services

    4. A desire to shape our industry by open-sourcing and discussing tools, techniques, procedures and advancements we have made

Minimum Qualifications:

  1. Extensive experience performing internal and external assessments

  2. Extensive experience in tailored reconnaissance, weaponization, exploitation and lateral movement

  3. Experience in scripting and coding. Publicly released tools or modules are a plus

  4. Strong networking knowledge, including network virtualization technologies

  5. Strong knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems

  6. Strong knowledge of attack surfaces for common enterprise systems and services

  7. A desire to shape our industry by open-sourcing and discussing tools, techniques, procedures and advancements we have made

Industry: Internet

Equal Opportunity: As part of our dedication to the diversity of our workforce, Facebook is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations-ext@fb.com or you may call us at 1+650-308-7837.